Category: Exchange


Exchange 2013, how to put server in maintenance mode:

 

WEB RESOURCES

http://ehloexchange.com/exchange-maintenance-mode/

https://blogs.technet.microsoft.com/nawar/2014/03/30/exchange-2013-maintenance-mode/

http://www.enpointe.com/blog/server-maintenance-with-exchange-2013-step-by-step-guide

 

MAILBOX ROLE

Set-ServerComponentState $env:COMPUTERNAME -Component HubTransport -State Draining -Requester Maintenance

Redirect-Message -Server $env:COMPUTERNAME -Target <otherserver> -confirm:$false

Suspend-ClusterNode $env:COMPUTERNAME

Set-MailboxServer $env:COMPUTERNAME -DatabaseCopyActivationDisabledAndMoveNow $True

Set-MailboxServer $env:COMPUTERNAME -DatabaseCopyAutoActivationPolicy Blocked

Set-ServerComponentState $env:COMPUTERNAME -Component ServerWideOffline -State Inactive -Requester Maintenance

Get-ServerComponentState $env:COMPUTERNAME | Format-Table Component,State -Autosize

Get-MailboxServer $env:COMPUTERNAME | Format-Table DatabaseCopy* -Autosize

Get-ClusterNode $env:COMPUTERNAME | Format-List

 

Get-MailboxDatabaseCopyStatus |where {$_.status -like “mounted”}
Note here: You need to make sure that there are no mounted databases, if that is not the case, you need to wait several minutes and the run it again.

 

CAS ROLE

Set-ServerComponentState $env:COMPUTERNAME -Component HubTransport -State Draining -Requester Maintenance

Redirect-Message -Server $env:COMPUTERNAME -Target <otherserver> -confirm:$false

Set-ServerComponentState $env:COMPUTERNAME -Component ServerWideOffline -State Inactive -Requester Maintenance

Get-ServerComponentState $env:COMPUTERNAME | Format-Table Component,State -Autosize

 

EDGE ROLE

Set-ServerComponentState $env:COMPUTERNAME -Component ServerWideOffline -State Inactive -Requester Maintenance

Get-ServerComponentState $env:COMPUTERNAME | Format-Table Component,State -Autosize

 

 

EXCHANGE MAINTENANCE MODE DEACTIVATION

 

Access the server through RDP and open Exchange Powershell in Admin mode, with a account member of the right group (Server management / Organization Management)

 

MAILBOX ROLE

Set-ServerComponentState $env:COMPUTERNAME -Component ServerWideOffline -State Active -Requester Maintenance

Resume-ClusterNode $env:COMPUTERNAME

Set-MailboxServer $env:COMPUTERNAME -DatabaseCopyActivationDisabledAndMoveNow $false

Set-MailboxServer $env:COMPUTERNAME -DatabaseCopyAutoActivationPolicy Unrestricted

Set-ServerComponentState -Identity $env:COMPUTERNAME -Component HubTransport -State Active -Requester Maintenance

Get-ServerComponentState $env:COMPUTERNAME | Format-Table Component,State -Autosize

Get-MailboxServer $env:COMPUTERNAME | Format-Table DatabaseCopy* -Autosize

Get-ClusterNode $env:COMPUTERNAME | Format-List

 

CAS ROLE

Set-ServerComponentState -Identity $env:COMPUTERNAME -Component HubTransport -State Active -Requester Maintenance

Set-ServerComponentState $env:COMPUTERNAME -Component ServerWideOffline -State Active -Requester Maintenance

Get-ServerComponentState $env:COMPUTERNAME | Format-Table Component,State -Autosize

 

EDGE ROLE

Set-ServerComponentState $env:COMPUTERNAME -Component ServerWideOffline -State Active -Requester Maintenance

Get-ServerComponentState $env:COMPUTERNAME | Format-Table Component,State -Autosize

 

Advertisements

ProxyAddress attribute is used by different applications and it can store different type of user addresses (sip, smtp, x500).

If you sync accounts with non-verified domain to O365, those addresses can be replaced with the default onmicrosof.com domain.

Some interesting reading regarding this topic:

ADConnect not Syncing ProxyAccount for email Alias from on Premise AD to Azure AD

https://social.msdn.microsoft.com/Forums/azure/en-US/3226e41c-1db1-4299-9f24-0179e05fac09/adconnect-not-syncing-proxyaccount-for-email-alias-from-on-premise-ad-to-azure-ad-i-am-using?forum=WindowsAzureAD

List of attributes that are synced by the Azure Active Directory Sync Tool

https://social.technet.microsoft.com/wiki/contents/articles/19901.dirsync-list-of-attributes-that-are-synced-by-the-azure-active-directory-sync-tool.aspx

A mail user who has proxy addresses that use non-verified domains isn’t synced in an Exchange hybrid deployment

https://support.microsoft.com/en-us/help/3124148/a-mail-user-who-has-proxy-addresses-that-use-non-verified-domains-isn

Wrong domain address when synchronizing from on premise AD

https://social.msdn.microsoft.com/Forums/azure/en-US/7ddc1885-850d-487f-bf40-a91f1f5d15c8/wrong-domain-address-when-synchronizing-from-on-premise-ad?forum=WindowsAzureAD

Azure AD Connect sync: Attributes synchronized to Azure Active Directory

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnectsync-attributes-synchronized

Microsoft security compliance toolkit:

Il remplace Security Compliance Manager. Cet outil permet de planifier, créer, et monitorer des baselines de sécurité pour vos postes clients. Le remplacement a été choisi par Microsoft du fait de la complexité de SCM et de la difficulté à maintenir l’outil pour chaque version de Windows. Aujourd’hui, SCT ne supporte pas Desired Configuration Management de System Center Configuration Manager ou SCAP.

https://www.microsoft.com/en-us/download/details.aspx?id=55319

Other references:

2012 R2 hardening (CIS):

https://www.cisecurity.org/wp-content/uploads/2017/04/CIS_Microsoft_Windows_Server_2012_R2_Benchmark_v2.2.0.pdf

Windows 10 hardening:

https://www.asd.gov.au/publications/protect/Hardening_Win10.pdf

 

 

 

Message Header analyzer

How to troubleshoot email message:

https://testconnectivity.microsoft.com/MHA/Pages/mha.aspx

plug-in for outlook: https://appsource.microsoft.com/en-us/product/office/WA104005406

 

 

 

http://info.adaptivedge.com/blog/2017/04/30/how-to-enable-office-365-group-writeback-for-a-hybrid-coexistence-environment

There is no way by default; only after O365 groups creation using this powershell script:

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session

#Get all Office 365 Groups that have have the Welcome Message enabled

$O365Groups = Get-UnifiedGroup | Where-Object{$_.WelcomeMessageEnabled -eq $true}

#Iterate through the Groups, disabling the Welcome Message

foreach ($group in $O365Groups) {

Write-Host “Disabling Welcome Message on O365 Group: ” -NoNewline;

Write-Host $group.DisplayName -ForegroundColor Cyan

Set-UnifiedGroup $group.Identity -UnifiedGroupWelcomeMessageEnabled:$false

}

#Close the Session

Remove-PSSession $Session

How to display Room mailbox settings with PowerShell:

 

References:

https://o365info.com/room-mailbox-powershell-commands/

How to install the Exchange management tools and PowerShell cmdlets:

For Exchange 2016:

https://technet.microsoft.com/en-us/library/bb232090(v=exchg.160).aspx

in short: Setup.exe /Role:ManagementTools /IAcceptExchangeServerLicenseTerms

Best practices:

Connecting to Exchange on-premises using PowerShell remoting is a simple task, and means that you do not need to go the trouble of installing the Exchange management tools on your computer just to perform day to day administrative tasks.

There are three steps to establishing a remote PowerShell session to your Exchange server:

  • Capture admin credentials
  • Create a new PSSession
  • Import the PSSession

https://practical365.com/exchange-server/powershell-function-to-connect-to-exchange-on-premises/

Usage: Connect-Exchange -URL exchange2.mydomain.local

 

Scripts repository for Exchange:

https://github.com/cunninghamp/Powershell-Exchange

 

 

 

Web resources:

https://practical365.com/exchange-server/hybrid-exchange-office-365/

 

How to move Mailbox to Exchange online:

https://technet.microsoft.com/en-us/library/o365e_hrcmoverequest_fl312271(v=exchg.150).aspx